[Freeipa-users] sssd went away, failed to restart

Harald Dunkel harald.dunkel at aixigo.de
Thu May 12 09:03:13 UTC 2016 

On 05/12/16 10:26, Lukas Slebodnik wrote:
> On (12/05/16 09:42), Harald Dunkel wrote:
>>
>> It happened again :-(.This *really* needs to be fixed.
>> I wouldn't like to move back to ypbind.
>>
> I would like to If I knew what to fix and how to reliably reproduce.
> 

It would be very nice if sssd could become more reliable at
startup time. It gives up to easy. And it is not restarted
in case of a problem, which is fatal for a service providing
access to a user database.

>> Logfiles are attached. sssd is version 1.13.3. The server
>> was rebooted at 05:56. At 06:03:18 sssd wrote the first
>> logfile entries.
>>
> I cannot see in log files that sssd was started.

:
:
(Thu May 12 05:56:12 2016) [sssd] [monitor_quit] (0x0020): Child [sudo] exited gracefully
(Thu May 12 05:56:12 2016) [sssd] [monitor_quit] (0x0020): Terminating [nss][441]
(Thu May 12 05:56:12 2016) [sssd] [monitor_quit] (0x0020): Child [nss] exited gracefully
(Thu May 12 06:03:18 2016) [sssd] [sysdb_domain_init_internal] (0x0200): DB File for example.com: /var/lib/sss/db/cache_example.com.ldb
(Thu May 12 06:03:20 2016) [sssd] [get_ping_config] (0x0100): Time between service pings for [example.com]: [10]
(Thu May 12 06:03:20 2016) [sssd] [get_ping_config] (0x0100): Time between SIGTERM and SIGKILL for [example.com]: [60]
(Thu May 12 06:03:20 2016) [sssd] [start_service] (0x0100): Queueing service example.com for startup
(Thu May 12 06:03:22 2016) [sssd] [sbus_server_init_new_connection] (0x0200): Entering.
:
:

> Log files seems to be truncated and there seems to be probllem
> with network communication.
> 
> [be_resolve_server_process] (0x0200): Found address for server ipa2.example.com: [172.29.96.4] TTL 7200
> [init_timeout] (0x0040): Client timed out before Identification [0x12d50c0]!
> [sdap_kinit_done] (0x0080): Communication with KDC timed out, trying the next one
> [fo_set_port_status] (0x0100): Marking port 389 of server 'ipa2.example.com' as 'not working'
> 

You have cut off the time stamps. Here they are:

(Thu May 12 06:03:31 2016) [sssd[be[example.com]]] [be_resolve_server_process] (0x0200): Found address for server ipa2.example.com: [172.29.96.4] TTL 7200
(Thu May 12 06:03:36 2016) [sssd[be[example.com]]] [init_timeout] (0x0040): Client timed out before Identification [0x12d50c0]!
(Thu May 12 06:03:37 2016) [sssd[be[example.com]]] [sdap_kinit_done] (0x0080): Communication with KDC timed out, trying the next one
(Thu May 12 06:03:37 2016) [sssd[be[example.com]]] [fo_set_port_status] (0x0100): Marking port 389 of server 'ipa2.example.com' as 'not working'

Obviously the 5 secs timeout is not sufficient for stable
operation. I am not sure if thats the reason for sssd to
go away, though.

> Do you have mounted nfs on /var/log/ or anywhere else?

Surely not. All mount points are local.

> It can explain a lot if there are network related issues.
> 

I don't see why there should be any network related issues.
The ipa servers were available all the time. The network
is configured static.


Regards
Harri

More information about the Freeipa-users mailing list